Small and mighty

What we cover in the 2018 Annual Cybersecurity Report

Evolution of malware

Malware is becoming more vicious. And it’s harder to combat. We now face everything from network-based ransomware worms to devastating wiper malware. At the same time, adversaries are getting more adept at creating malware that can evade traditional sandboxing.

Malicious encrypted web traffic

50 percent of global web traffic was encrypted as of October 2017. Encryption is meant to enhance security. But it also provides malicious actors with a powerful tool to conceal command-and-control activity. Those actors then have more time to inflict damage.

Rise of artificial intelligence

Encryption also reduces visibility. More enterprises are therefore turning to machine learning and artificial intelligence. With these capabilities, they can spot unusual patterns in large volumes of encrypted web traffic. Security teams can then investigate further.

Major findings

“Burst attacks” grow in complexity, frequency, and duration.

In one study, 42 percent of the organizations experienced this type of DDoS attack in 2017. In most cases, the recurring bursts lasted only a few minutes.

Many new domains tied to spam campaigns:

Most of the malicious domains we analyzed, about 60 percent, were associated with spam campaigns.

Security is seen as a key benefit of hosting networks in the cloud.

The use of on-premises and public cloud infrastructure is growing. Security is the most common benefit of hosting networks in the cloud, the security personnel respondents say.

Insider threats: A few rogue users can have a big impact.

Just 0.5 percent of users were flagged for suspicious downloads. On average, those suspicious users were each responsible for 5200 document downloads.

More OT and IoT attacks are on the horizon.

Thirty-one percent of security professionals said their organizations have already experienced cyber attacks on OT infrastructure.

The multivendor environment affects risk.

Nearly half of the security risk that organizations face stems from having multiple security vendors and products.

Did you know?

PDFs are the most common file type targeted by insider threats.

One suspicious user can have a big impact.

53% of defenders manage more than half their infrastructure in the cloud.

Why? It’s simple: more security.

34% of security professionals completely rely on machine learning.

For simpler, more automated security.

Mobile devices are number one.

They’re the hardest to defend according to our survey.

Nyetya was installed on more than 1 million computers.

Often via automated software updates.

Defenders still favor best of breed.

72% use best-of-breed solutions.

Get this year's report

Contributors to the Cisco 2018 Annual Cybersecurity Report

Cisco threat intelligence

Our threat researchers have a reputation for timely, accurate, and innovative work. We’d like to thank the following teams: the Talos Security Intelligence and Research Group, Security Research and Operations, and the Security and Trust Organization.

Technology partners

Our technology partners play a vital role in helping our company develop simple, open, and automated solutions that enable organizations to secure their environments. We would like to thank the following partners: Anomali, Lumeta, Qualys, Radware, SAINT, and TrapX.

Security Capabilities Benchmark Study

The Cisco 2018 Security Capabilities Benchmark Study examines the security posture of enterprises and their perceptions of how well they can defend against attacks. We thank the team who designed, implemented, and interpreted the results of the report.

Cisco products and services teams

Here at Cisco, we have a network of talented teams who are devoted to creating the most effective products and the best possible outcomes for our customers. We’d like to thank the teams behind Advanced Malware Protection (AMP) for Endpoints, Cloudlock, Cognitive Threat Analytics, the Product Security Incident Response Team (PSIRT), Security Incident Response Services, Threat Grid, and Umbrella.